What's New

Correction—Updated 16 June 2020

The “Introducing Jamf Setup 2.0.0” section has been updated since the original publishing of these release notes to clarify the default authentication method.

Configuration Profiles Redesign Project

Restrictions for Mobile Devices

Jamf Pro 10.22.0 introduces Restrictions for Mobile Devices as the next redesigned payload, with the following enhancements:

  • Revamped user interface with toggles and action buttons

  • Settings are now grouped in the left-side navigation under three nodes:

    • Functionality

    • Apps

    • Media Content

  • New filtering mechanism allows you to selectively display settings relevant to the deployment target's operating system and the supervision requirement. To remove all filters, use Clear All.

  • Modified setting labels now correspond with the action toggle buttons.


Note: The operating system manages settings on the device level. Some settings enforced by the profile that do not change default values will not be visible on the device. For more information on the default settings, see the Restrictions documentation from Apple.

  • Improved error handling

  • When configuring the "App usage" or "Autonomous Single App Mode apps" setting, searching for apps is possible only by app name. The "Bundle ID" value for apps added from the catalog cannot be edited. You can continue to manually add and edit the “Bundle ID” value for custom apps.

  • Due to Apple's deprecation of the forceClassroomManagedClassroomScreenObservation key, it is sent to devices in scope together with the current forceClassroomUnpromptedScreenObservation key. The operating system manages the Classroom to perform AirPlay and screen observation without prompting setting on the device level.

  • The Allow use of Apple's YouTube (iOS 4 and 5 only) setting is deprecated.

Important: When upgrading Jamf Pro, any previously created mobile device configuration profiles that include the Restrictions payload settings are automatically migrated. Use the Jamf Pro user interface to review the settings. The migrated configuration profiles are not automatically redistributed to devices.

Revised Media Content Settings

The revised Media Content settings now better reflect region-specific values available in Apple's Profile Manager and Apple Configurator.

Added Settings
The following settings have been added:


Content Type

Added Setting

Value Sent to
Devices in Scope





TV Shows




TV Shows




TV Shows
















New Zealand




TV Shows











United Kingdom

TV Shows



Renamed Settings
The following settings have been renamed:


Content Type

Setting in Jamf Pro 10.21.0 or Earlier

Setting in Jamf Pro 10.22.0

Value Sent to Devices in Scope

Further Considerations




Tout public


When the "-10" setting in Jamf Pro 10.22.0 or later is configured, the value "150" is sent to devices in scope.


TV Shows

















New Zealand





When the "M" setting in Jamf Pro 10.22.0 or later is configured, the value "250" is sent to devices in scope.




When the "R16" setting in Jamf Pro 10.22.0 or later is configured, the value "380" is sent to devices in scope.

Important: The value "600" is deprecated for newly configured payloads. For payloads configured in Jamf Pro 10.21.0 or earlier with the "RP" setting and migrated, the value in the profile is set to "375". These profiles are not redeployed automatically. To ensure the highest possible level of restrictions for movies in the New Zealand region, choose "R" from the pop-up menu, and redeploy the profile. This will cause Jamf Pro to send the value "500" to devices in scope.

Branding and Preview Functionality in Enrollment Customization

You can now customize elements within the Enrollment Customization configuration to present users with a familiar look and feel. You can customize the icon that is displayed at the top of the screen during the enrollment process; and you can customize the color of the text, navigational buttons, and background in the Text and LDAP Authentication PreStage Panes. You can preview the enrollment experience for macOS, iOS, and iPadOS of the configured panes in Jamf Pro and advance through the screens. The preview automatically displays your changes so you can finalize your configuration before saving.


  • When uploading an icon, it is required that you use a file with the GIF or PNG format and a recommended size of 180x180 pixels.

  • The preview functionality for a Single Sign-On Authentication PreStage Pane is a generic authentication preview. This user experience is dependent on your Identity Provider.

To access these features, navigate to Settings > Computer Management > Enrollment Customization. This functionality is on the new Branding and Preview tab of an Enrollment Customization configuration.

PreStage Enrollment Sync Improvements

Computer and Mobile Device PreStage enrollments now display the assignment status of the individual device as it transitions through the sync process and is assigned to the PreStage.

To view the status, navigate to an existing Computer or Mobile Device PreStage enrollment and click the Scope tab. The status is displayed in the "Device Assignment Status" column.

Additional Reporting Capabilities for Users

You can now create a smart group or an advanced search based on the following attributes for users:

  • Roster Class Display Name

  • Roster Class Status

  • Roster Course Status

  • Roster User Status

  • Roster Location Status

Jamf Parent Enhancement

Parents can now configure Device Rules in Jamf Parent 4.1.0. Parents can use Device Rules to schedule app and website restrictions on their child's device, such as for homework time or bedtime. For more information on how to configure and distribute Jamf Parent, see Integrating Jamf Parent with Jamf Pro in the Jamf Pro Administrator's Guide.

Introducing Jamf Setup 2.0.0

Jamf Setup can now use the OAuth authentication protocol with the Jamf Pro server. This integration occurs automatically when Jamf Setup 2.0.0 is added to Jamf Pro 10.21.0 or later.

Switching to OAuth authentication—If an earlier version of Jamf Setup was used in your organization, you must also update Jamf Setup's managed app configuration before distributing the app update to mobile devices. If a dedicated Jamf Pro user account was previously used to make API calls for Jamf Setup, this account can be deleted after you have switched to OAuth authentication.

Continuing to use basic authentication—To allow administrators time to transition to OAuth authentication, Jamf Setup 2.0.0 will continue to use basic authentication by default. If you have deployed an earlier version of Jamf Setup, you can upgrade to Jamf Setup 2.0.0 and continue to use your current managed app configuration and dedicated Jamf Pro user account for Jamf Setup API calls.

Important: A future release of Jamf Setup will discontinue basic authentication compatibility. Upgrading to Jamf Pro 10.21.0 or later and switching to OAuth authentication before basic authentication is discontinued is recommended.

Jamf Setup 2.0.0 will be available in the App Store when it is approved by Apple.

Security Improvements in Composer

Composer 10.22.0 includes a bug fix for an issue found in versions 10.18.0 to 10.21.0, which allowed standard users to obtain access to resources that require root access if Composer and the privileged helper from 10.18.0 to 10.21.0 was previously installed on the same computer with an administrator account.

To ensure computers with Composer are not affected by this issue, upgrade to Composer 10.22.0.

For more information about Composer, see the Composer User Guide.

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /api. You can now access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append "/api" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/api

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

The following endpoints were added:

  • POST /v1/departments/delete-multiple

  • GET /v1/device-enrollments

  • GET /v1/device-enrollments/public-key

  • GET /v1/device-enrollments/syncs

  • POST /v1/device-enrollments/upload-token

  • GET /v1/device-enrollments/{id}

  • PUT /v1/device-enrollments/{id}

  • DELETE /v1/device-enrollments/{id}

  • GET /v1/device-enrollments/{id}/devices

  • POST /v1/device-enrollments/{id}/disown

  • GET /v1/device-enrollments/{id}/history

  • POST /v1/device-enrollments/{id}/history

  • GET /v1/device-enrollments/{id}/syncs

  • GET /v1/device-enrollments/{id}/syncs/latest

  • PUT /v1/device-enrollments/{id}/upload-token

  • GET /v2/computer-prestages

  • POST /v2/computer-prestages

  • GET /v2/computer-prestages/scope

  • GET /v2/computer-prestages/{id}

  • PUT /v2/computer-prestages/{id}

  • DELETE /v2/computer-prestages/{id}

  • GET /v2/computer-prestages/{id}/scope

  • PUT /v2/computer-prestages/{id}/scope

  • POST /v2/computer-prestages/{id}/scope

  • POST /v2/computer-prestages/{id}/scope/delete-multiple

  • POST /v2/inventory-preload

  • POST /v2/inventory-preload/csv

The following endpoints were deprecated:

  • GET /v1/computer-prestages

  • POST /v1/computer-prestages

  • GET /v1/computer-prestages/scope

  • GET /v1/computer-prestages/{id}

  • PUT /v1/computer-prestages/{id}

  • DELETE /v1/computer-prestages/{id}

  • GET /v1/computer-prestages/{id}/scope

  • PUT /v1/computer-prestages/{id}/scope

  • POST /v1/computer-prestages/{id}/scope

  • DELETE /v1/computer-prestages/{id}/scope

  • POST /v1/inventory-preload

The following endpoints were removed:

  • POST /v1/action/device-enrollment/upload-token

  • POST /v1/action/device-enrollment/{id}/disown

  • PUT /v1/action/device-enrollment/{id}/upload-token

  • POST /v1/departments/delete-departments

  • POST /v1/departments/search-departments

  • GET /v1/device-enrollment

  • GET /v1/device-enrollment/public-key

  • GET /v1/device-enrollment/sync

  • GET /v1/device-enrollment/sync/{id}

  • GET /v1/device-enrollment/sync/{id}/latest

  • GET /v1/device-enrollment/{id}

  • PUT /v1/device-enrollment/{id}

  • DELETE /v1/device-enrollment/{id}

  • GET /v1/device-enrollment/{id}/devices

  • GET /v1/device-enrollment/{id}/history

  • POST /v1/device-enrollment/{id}/history

Endpoints with the following tags have been updated to provide a more consistent user experience:

  • Auth

For more information on these changes, see the Jamf Pro API documentation.

Other Changes and Enhancements

  • Improved the performance of syncing user information from Apple School Manager.

  • The button in the Jamf Pro Setup Assistant and other assistants which navigates to the previous step in the process has been renamed from "Back" to "Previous".

  • The button in the Jamf Pro Summary preview page which cancels the creation of the summary has been renamed from "Back" to "Cancel".

  • The smart computer group and advanced computer search criteria which indicates whether or not a computer was enrolled via Automated Device Enrollment has been renamed from "Enrolled via DEP" to "Enrolled via Automated Device Enrollment".

  • The labels in the Activation Code page in settings have been changed as follows:

    • "Managed Computers" is now "Total Computer Licenses Purchased".

    • "Managed Mobile Devices" is now "Total Device Licenses Purchased".

    • "Computers Not Managed" is now removed from the interface.

Further Considerations

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.